Tutcyber

IT Infrastructure Library (IITL)

ITIL is a best practice framework that has been drawn from both the public and private sectors internationally It describes how IT resources should be organized to deliver Business value. It models how to document processes,functions and roles of IT Service Management (ITSM). Service Strategy Service Portfolio Management. Financial Management. Demand Management. Business Relationship Management. Service Design Service Catalogue Management. Service Level Management. Information Security Management. Supplier Management. Service Transition Change Managemen…

Process

Introduction Security Operations Centers (SOC) need to how the current key skills , tools and processes to be able to detect, investigate and sop threats before they become costly data breaches. Definition  A set of defined repeatable steps that take inputs,odd value and produce outputs that satisfy customer's requirement. Attributes of process  Inputs: Information or materials that are required by the process to get standard. Outputs: Services or products that satisfy customer requirement. Bounds/Scope: The process starts when .. and ends when .. …

Security standards and compliance

Best practices, baselines and frameworks Used to improve the controls methodologies and governance for the IT departments or the global behavior of the organization. Seeks to improve performance,controls and metrics Helps to translate the business needs to technical or operational needs. Normative and Compliance Rules to follow for a specific industry. Enforcement for the government,industry or clients. Event if the company or the organization do not want to implement those controls,for compliance. COBIT - Project manager methodologies. ITIL - Industry …

Windows Server log

Logging Basics Logs are records of events that happen in your computer,either by a running process.They help you track what happened and troubleshoot problems. The most common location for logs in Windows is the Windows Event Log . It contains logs from the operating system and several applications such as SQL server or IIS .The logs use a structured data format,making then easy to search for  analyze.Additionally,some applications write to log files, for example IIS access logs in text format . Auditing Windows Server Audit policy Establishing audit po…

KerberOS Authentication and logs

Kerberos is an authentication protocol that is used to verify the identity of a user or host. The Kerberos key distribution center (KDC) is integrated with other Windows server security services and uses the domains Active Directory Domain Services Database. The key benefits for using for using kerberos include: Delegated authentication Single sign on Interoperability More efficient authentication to servers. Mutual authentication

Server management with Windows Admin Center

Active Directory Groups Security groups are used to collect user accounts,computer accounts and other groups into manageable units. 1. For Active Directory,there are two types of administrative responsible: Service Administrators. Data Administrators. 2. There are two types of groups in Active Directory: Distribution groups: Used to create email distribution lists. Security groups: Used to assign permission to shared resources Group scope: Groups are characterized by a scope that identifies the extent to which the group is applied in the domain tree o…

Restrict and protect sensitive domain accounts

Separate administrator account from user accounts. Privilege account: Allocate administrator accounts to perform the following administrative duties only.    1.Minimum: Create separate accounts for domain administrators,enterprise administrators or the equivalent with appropriate administrators.    2.Better: Create separate accounts for administrators that have reduced administrative rights,such as accounts for workstation administrators and accounts with user rights over designated Active Directory Organizational Units (OUs).    3.Ideal: Create multip…

Active Directory

Active Directory Domain Services (ADDS) stores information about objects on the network and makes this information easy for administrators and users to find and use. Objects typically include shared resources such as servers,volumes,printers and the network user and computer account. Security is integrated with Active Directory through authentication and access control to objects in the directory via policy-based administrators. Features: A set of rules,the schema. A Global catalog. A query and Index Mechanism. Active Directory Account Default local acc…

Local User Accounts

Local User Accounts are stored locally on the windows workstation or server. Default local user accounts Administrator Account Guest Account Default Account Help Assistant Account Default local system Account SYSTEM NETWORK SERVICE LOCAL SERVICE Management of Local users Accounts and security considerations   The default local user accounts and the local user accounts that you create, are located in the user's folder.   Security considerations Restrict and protect local accounts with administrative rights. Enforce local account restrictions for rem…

Role based Access Control and Permisions

Windows Access Control After a user is authenticated,the windows OS determines if the user has the correct permissions to access a resource. In the access control model,users and groups (security principals) have assigned rights and permissions that inform OS hat user and permissions that inform OS what each user and group can do. Security principals perform actions on objects. Shared resources use access controls lists (ACLs) to assign permissions to enforce access control in two ways:--           1 .Deny access to an unauthorized users and group.     …

File System

A file is a unit of data in the file system that a user can access and manage.A file must have a unique name in its directory. A directory is a hierarchical collection of directories and files. NTFS (New Technology File System) 1993 Most common file system for windows end user system. Most windows servers use NTFS as well. FAT XX (File Allocation Table) 80s Now mainly used for removable storage devices under 32GB capacity.

User and Kernel Modes

MS Windows component User mode and kernel mode. Drivers call routines that are exports by various kernel components. Drivers must respond to specific calls from the operating system and can respond to other system calls. For a list of kernel mode routines that drivers may need to support. User Mode When you start a user-mode application,windows creates a process for the application.              1.Private virtual address space.              2.Private handle table. Each application runs in isolation and if an application crashes, the crash is limited to …

Windows Patching

Patch A patch is a set of changes to a computer program or it's supporting data designed to update , fix or improve it.This includes fixing security vulnerabilities and other bugs,with such patches usually being called bug fixes or bug fixes and improving the functionality,usability or performance. Microsoft releases patches in a monthly cycle,commonly referred to as " Patch Tuesday " ,the second Tuesday of every month. Four types of Updates:  Security Updates: Security updates or windows work to protect against new and ongoing threats.The…

Baics of Endpoint Protection

Endpoint protection management is a policy-based approach to network security that requires endpoint devices to comply with specific criteria before they are granted access to network resources. Endpoint security management systems,which can be purchased as software or as a dedicated appliance discover.manage to the corporate network. Endpoint security systems work on a client/server model in which a centrally managed server or gateway hosts the security program and an accompanying client program is installed on each network device. Unified Endpoint Man…

The PCI Data Security standard

It was introduced in 2004 by American Express,Discover,MasterCard, and Visa in response to security breaches and financial losses within the credit card industry. Since 2006 the standard has been financial losses maintained by the PCI standards council , a "global organization,(IT) maintains,evolves and promotes payment card industry standards for the safety of cardholder data across the globe. Now comprised of American Express,discover,JCB International,MasterCard, Visa Inc. Applies to all entities that store,process and/or transmit cardholder dat…

Health Insurance Portability and Accountability Act (HIPAA)

HIPAA - HITECH The US Federal laws and regulations that defines the control of most personal healthcare information for companies responsible for managing data. The HIPAA Privacy rule establishes standards to protect individuals medical records and others personal health information and applies to health plan healthcare clearing houses and those health care transactions electronically. HIPAA Definition: US Department of Health and Human Services (HHS) office of civil Rights (OCR): Governing entity for HIPAA. Covered Entity: HHS - OCR define companies th…

Continuous Monitoring between Audits

Purpose: Ensure controls are operating as designed. Identify control weaknesses and failure outside an audit setting. Communicate results to appropriate stakeholder. Scope:        All production devices controls will be tested for operating effectiveness over time focusing on: Execution against the defined security policies. Execution evidence maintenance availability. Timely deviation from policy documentation. Timely temporary failures of a control or loss of evidence documentation and communication.

SOC1/SOC2 Test

General controls: Inventory Listing. HR Employee Listing. Access Group Listing. Access transaction Log. A.Organization and Management: Organizational Chart. Vendor assessments. B.Communications: Customer Contracts. System Descriptors. Policies and Technical specifications. C.Risk Management and Design/Implementation of controls: IT Risk Assessment. D.Monitoring of controls: Compliance Testing. Firewall monitoring. Intrusion Detection. Vulnerabilities management. Access Monitoring. E.Logical and Physical Access controls: Employment Verification. Continuo…

SOC Reports

Why SOC Reports? Some industry require SOC2 or local compliance audit. Many organizations who know compliance, know SOC2 Type 2  consider it a stronger statement of operational effectiveness than ISO 27001 (Continuous Testing). Many organization's client will accept SOC2 of the right to audit. SOC2 security Name: Trust services Principles and criteria for security - The system is protected against unauthorized access. Governance: AICPA Purpose: Assist service organization management in reporting to customers that it has established security criter…

US Cybersecurity Federal Law

Computer Fraud and Abuse Act (CFAA) The computer Fraud and Abuse Act is a US cyber security bill that was enacted in 1984. Federal Information Security Management Act of 2002 ( FISMA ) Federal Information Security Modernization Act of 2014 ( FISMA 2014 ) FISMA assigns specific responsibilities to federal agencies, the NIST and the office of management and Budget ( OMB ) in order to strengthen information security system. --------------------------------------------------------------------------------------------------------------------------------------…

Cyber Security

Security Event An event on a system or network detected by a security device or application. Security Attack A security event that has been identified by correlation and analytics tools as malicious activity that is attempting to collect,disrupt,deny,degrade or destroy information system resources or the information itself. Security Incident An attack or security event that has been reviewed by security analyst and deemed worthy of deeper investigation. Compliance Basics Security Designed protection from theft or damage,disruption or misdirection. Phys…

Test Automation

Test Automation primer (Things to consider) Commitment to development. Cost QA resource Expectation Why we need to automate? Saves time and money Improves accuracy Increase test coverage Does what manual testing can't cover. Assists developers. Test Driven Development   Add test Watch Test Fail Write Code Run Tests Refractor Repeat 1 Best Practice Setup - Put the Unit Under Test (UUT) or the overall test system in the state needed to run the test. Execution - Trigger / driver the UUT to perform the target behavior and capture all output. Validation …

Platform specialization

Cloud Testing Stress Compatibility Functional Browser performance Latency Load & performance Cloud Steps Develop user Scenarios Design test case. Select cloud Service provider Setup Infrastructure. Leverage Cloud servers Start testing Monitor Testing Goals deliver Results Package implementation Packaged solutions can usually be implemented faster and cheaper than developing the solution from scratch. The total time and cost required for a package implementation project may still be substantial.

Non functional Testing

Usability Is it fit for purpose? Measures the capacity the application has to meet its users needs. Hailway testing to look for show-stoppers.  Accessibility Accessibility testing is a subset of usability testing. Where the users under consideration have disabilities that affect how they use the application. The goal, in both usability and accessibility , is to discover how easily people can use a website and feed that information back into improving feature designs and implementations. Performance Load Testing Simplest form of performance testing. Unde…

Functional Testing Approach

White Box Glass Box Clear-box testing Rules Testers must have knowledge of what is going on inside the application The tester should be concentrating on how the software does its job.A structured technique wants to know how loops in the software are working. Structural testing can be used at all levels of testing.Developers use structural testing in component testing and component integration testing especially where there is good tool support for code coverage. White Box testing Ideally a tester will have some programming knowledge. Scripted testing Sc…

Testing type

Unit Testing a small part of code , instead of the finished product. Write code easier to test In depth tests. Integration Individual code components are merged together or with preexisting software project. The overall idea is a "building block" approach, in which verified assemblages are added to a verified base which is then used to support the integration testing of further assemblages. System System testing is the prime objective of any software product.It conducts testing of whole software product to identify the errors in software. Reg…

Phases of software testing

Who perform the tests. QA(Quality Assurance) team should perform all tests,developers will only sanity check their applications' Under QA manager => QA Leader Under QA Leader => QA Designers  QA Engineers  Automation QA Engineers Test scope Scope defined by requirements. Make boundaries clear in test preparation document. Common Testing tools Ticketing system ( e..g. Bugzilla,osTicket,Trac etc ) Automated testing tools.( e.g.Selenium etc ) Load testing tools(e.g. Seige ( HTTP load testing & benchmarking utility) ) Testing strategies & …

Configuring the test system

Considerations: Documentation of live system. Verification. Debug information. Platform separation. Rollback. The ideal QA environment Virtualized. Deployed or verified by project team. Rollback Root privileges. Operating the test system Who is using the test system? (Names of testers,ensure only QA team has access) Load test scheduling (When will the system be put under load).  Destructive testing (Destructive to break it). Destructive testing Destructive software is a type of software testing which attempts to cause a piece of software to fail in an u…

Defining test procedures / method

A test procedure is a method in which you will produce test results,when documented it should include: Descriptive title. Scope of test subjects (code version). Date of software version. Person,office or agency responsible for questions on the test method,updates and derivations. The significance or important of the test method and its intended use. Terminology. A listing of the types of testing of testing apparatus. Safety precaution. Environmental consideration. Results sampling,how logs etc will be captured. Preparation of test data. Detailed procedu…

What to test and How to test?

Code Coverage A measure used to display the degree in which the source code of a program is tested by a test set. Good test coverage     Test code coverage         It will create additional test cases to increase coverage and it also helps to find areas of a program not exercised by a set of test cases.         It also help in determining a quantitative measure of code coverage, which is indirectly measure the quality of the application or product. Fault injection -->Exhaust all outcomes of code decision. -->Error handling -->Stress testing --&…

Unveiling the Essence of Software Testing: A Comprehensive Guide

In the dynamic landscape of software development, quality assurance is paramount. One of the crucial pillars in ensuring software reliability is thorough testing. In this blog post, we'll explore the purpose of software testing, shedding light on its significance in the development life cycle. Why Software Testing Matters: Testing serves as the litmus test for the quality of the software being developed. It operates under the assumption that defects exist, waiting to be unearthed. This perspective is seldom challenged, and for good reason – early de…